None of our webapps use claims authentication. However we got the below error message in event viewer of the new WFE server soon after we added that server to the farm.
An exception occurred when trying to issue security token: Could not connect to
http://localhost:32843/SecurityTokenServiceApplication/securitytoken.svc/actas. TCP error code 10061: No connection could be made because the target machine actively refused it ::1:32843. .
In AutoSPInstallerInput.xml, we had <ClaimsToWindowsTokenService Start="false" />
To resolve this problem, we manually started the "Claims to Windows Token Service" in central admin.
One basic question here is, why do we have to enable this service even when none of our webapplications uses claims based authentication? Can somebody clarify on this please.